exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2018-12-12

WordPress Snap Creek Duplicator Code Injection
Posted Dec 12, 2018
Authored by Thomas Chauchefoin, Julien Legras | Site metasploit.com

When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters before inserting them inside the wp-config.php file, leading to arbitrary PHP code execution. WARNING: This exploit WILL break the wp-config.php file. If possible try to restore backups of the configuration after the exploit to make the WordPress site work again.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2018-17207
SHA-256 | 905691265705b4759d72dab396f504f56f641ea40f5dc5bc5702ab0b07cd1d7f
HotelDruid 2.3 SQL Injection
Posted Dec 12, 2018
Authored by Sainadh Jamalpur

HotelDruid version 2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 11b38724d265b9e6530ac7b0289d6b09e9addb9791d2ed8364071749a56b6949
Apache OFBiz 16.11.05 Cross Site Scripting
Posted Dec 12, 2018
Authored by DKM

Apache OFBiz version 16.11.05 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c09820f730d19c9f69517cd82a60317de70691ae955494b62f571de021053379
WordPress AutoSuggest 0.24 SQL Injection
Posted Dec 12, 2018
Authored by Kaimi

WordPress AutoSuggest plugin version 0.24 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9ae254553a2b2f473f0546a783c22f8dc823d28fef5baa1279d95f18d12cf2e3
ThinkPHP 5.x Remote Code Execution
Posted Dec 12, 2018
Authored by VulnSpy

ThinkPHP versions prior to 5.0.23 and prior to 5.1.31 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | f7e20d2a8ac1a511c88ba6dcd93cdc57528b015ebc0771753754ca00b620d5eb
Huawei B315s-22 Information Disclosure
Posted Dec 12, 2018
Authored by Usman Saeed

Huawei B315s-22 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-7921
SHA-256 | 2d4aa1c2293c9c5b40be0b5521cc53c7fee1572a7627085c37014fd899606e47
Adobe ColdFusion 2018 Shell Upload
Posted Dec 12, 2018
Authored by Pete Freitag

Adobe ColdFusion 2018 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2018-15961
SHA-256 | 6d9b1d1741c77f9c05d013bc913c530aed0fc116578b9cea6fe2208f752cbb54
TP-Link Archer C1200 Cross Site Scripting
Posted Dec 12, 2018
Authored by Usman Saeed

TP-Link Archer C1200 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-13134
SHA-256 | 83d143b569a1381efb2ee9cf7ad69b410982ab6e5989be1c3e0c98d39c56a91e
PrestaShop 1.6.x / 1.7.x Remote Code Execution
Posted Dec 12, 2018
Authored by farisv

PrestaShop versions 1.6.x and 1.7.x suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-19125, CVE-2018-19126
SHA-256 | 3627f9c9ad956d71a59e5b9932d55d2dde63c5f37a57adfbfb055f2ae1be4e00
Tourism Website Blog Code Execution / SQL Injection
Posted Dec 12, 2018
Authored by Ihsan Sencan

Tourism Website version Blog suffers from code execution and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection
SHA-256 | 08d68393fdf17e968b9f64ec06ec07b7102169f6a3cf22d3839d3778f4113bfd
Alumni Tracer SMS Notification Cross Site Request Forgery / SQL Injection
Posted Dec 12, 2018
Authored by Ihsan Sencan

Alumni Tracer SMS version Notification suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
SHA-256 | 6913eaef25862e005d06defd02909d8a38e4844c8db9f86e7a6ea3f946ec621a
Linux/x86 execve(/usr/bin/ncat -lvp 1337 -e /bin/bash) Shellcode
Posted Dec 12, 2018
Authored by T3jv1l

95 bytes small Linux/x86 execve(/usr/bin/ncat -lvp 1337 -e /bin/bash) null-free shellcode.

tags | x86, shellcode, bash
systems | linux
SHA-256 | 680426a3f5a1bca289c7211b9fde035fd3ea3ff2cefde80c678d8fa8c9c28153
PHP Source Code Analysis
Posted Dec 12, 2018
Authored by Engin Demirbilek

Whitepaper called PHP Source Code Analysis. Written in Turkish.

tags | paper, php
SHA-256 | eed125e2cc2676aec303d76c9979e0735faf36491551cb904ab2c7ddf56da611
SmartFTP Client 9.0.2623.0 Denial Of Service
Posted Dec 12, 2018
Authored by Alejandra Sanchez

SmartFTP Client version 9.0.2623.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | dc56515c3028781328190b3d2cf17b3af2d7c3b9dcc78f05706d35bd8e7b9e11
LanSpy 2.0.1.159 Buffer Overflow
Posted Dec 12, 2018
Authored by Gionathan Reale

LanSpy version 2.0.1.159 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
SHA-256 | bb37180f175fcc54609b54bad13017d3419222c28f7481f5913778903c25cf7b
PrinterOn Enterprise 4.1.4 Arbitrary File Deletion
Posted Dec 12, 2018
Authored by bzyo

PrinterOn Enterprise version 4.1.4 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
advisories | CVE-2018-19936
SHA-256 | 03bd58d699a1641571b06266f49cf4355cadc56b6f6b93031bbb8cfa2f7b8a44
CUPS Weak Session Cookie Generation
Posted Dec 12, 2018
Authored by Jann Horn, Google Security Research

CUPS generates session cookies srandom(time(NULL)) and random() on Linux.

tags | advisory
systems | linux
advisories | CVE-2018-4700
SHA-256 | 3b69505f07ce22a5883565aef22b4c6989365de343f9d6a0d32ff53d8c0cdb06
Linux userfaultfd tmpfs File Permission Bypass
Posted Dec 12, 2018
Authored by Jann Horn, Google Security Research

Linux userfaultfd bypasses tmpfs file permissions.

tags | exploit
systems | linux
advisories | CVE-2018-18397
SHA-256 | 1b8d3ce7875318cd21ad32bec57be7ed660168064accdd2e8a8b60fc13d6aadf
Logitech Options Craft WebSocket Server Missing Authentication
Posted Dec 12, 2018
Authored by Tavis Ormandy, Google Security Research

The Logitech "Options" craft websocket server has no authentication.

tags | advisory
SHA-256 | 7c7de89f583ea659585f3e8dd4650ee29fa605c5b894ccd2a63a5c8f78b1c7da
WebKit JIT Proxy Object Issue
Posted Dec 12, 2018
Authored by Google Security Research, lokihardt

WebKit JIT int32/double arrays can have proxy objects in the prototype chains.

tags | exploit
advisories | CVE-2018-4438
SHA-256 | b72e0f1dda78c9271d153bfcea2251e8e8076edf33feb8f85efce34262d3b258
Ubuntu Security Notice USN-3844-1
Posted Dec 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3844-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to open privileged pages, or bypass other security restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-12405, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18494, CVE-2018-18497, CVE-2018-18498
SHA-256 | 5381a46fa222c6954f33d32c8b26fe2c3b1a4a79cb6b08419a803edb1c68022e
Microsoft Security Bulletin CVE Revision Increment For December, 2018
Posted Dec 12, 2018
Site microsoft.com

This Microsoft bulletin summary lists CVEs that have undergone a major revision increment.

tags | advisory
advisories | CVE-2018-0952, CVE-2018-8650
SHA-256 | 3a9eb085438649d691cd34a1ff123cec54b8f2d5ab71bb7ffe8d4e7ca8526f31
Microsoft Security Update Summary For December 11, 2018
Posted Dec 12, 2018
Site microsoft.com

This Microsoft summary lists Microsoft security updates released for December 11, 2018.

tags | advisory
SHA-256 | 3037b9036c07dd62bf3842538d5dd2a588a3e4bec93c116a08129eb9b7ca1535
Microsoft Security Advisory Updates For December 11, 2018
Posted Dec 12, 2018
Site microsoft.com

This Microsoft advisory notification includes advisories released or updated on December 11, 2018.

tags | advisory
SHA-256 | ba7bfa0c3a819af5c6743a5b46e01018e37602efba5e1d72cfd4334d6904635a
Dynamic Loader Oriented Programming - Wiederganger Proof Of Concept
Posted Dec 12, 2018
Authored by Marcin Kozlowski

This paper and proof of concept describes the Wiederganger-Attack, a new attack vector that reliably allows to escalate unbounded array access vulnerabilities occurring in specifically allocated memory regions to full code execution on programs running on i386/x86_64 Linux. Wiederganger-attacks abuse determinism in Linux ASLR implementation combined with the fact that (even with protection mechanisms such as relro and glibc's pointer mangling enabled) there exist easy-to-hijack, writable (function) pointers in application memory.

tags | exploit, vulnerability, code execution, proof of concept
systems | linux
SHA-256 | 778d2218c137533f1b5a870d4881b65e376de7c26bbe92fcc05d05af21c7c1e1
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close